Certified Ethical Hacker (CEH v11) — Question 362

Bill has been hired as a penetration tester and cyber security auditor for a major credit card company.
Which information security standard is most applicable to his role?

Answer options

• A. FISMA
• B. Sarbanes-Oxley Act
• C. HITECH
• D. PCI-DSS

Correct answer: D

Explanation

The correct answer is PCI-DSS, as it specifically pertains to the security standards required for companies handling credit card transactions. FISMA focuses on federal information systems, the Sarbanes-Oxley Act relates to financial reporting, and HITECH deals with healthcare data, making them less applicable to Bill's role in a credit card company.